It’s Not A VPN-busting Bug, It’s A Social Media Enhancer For UNIX Users

Source: The Register

They Even Need To Be Network Adjacent To Make Use Of It!

Kidding aside, this vulnerability applies to most UNIX-based OSes, with most Linux distros, Android, iOS, macOS, FreeBSD, and OpenBSD all affected. The attacker needs to be able to intercept your data, which means they need to already be on the same network span as your machine or have control of the router or other exit point, but if they do, they can use this flaw to determine the exact SEQ and ACK numbers in your encrypted session.

That information can be used to successfully inject data, hijack the connection and possibly redirect your VPN session to imposter pages or other places on the web you really don’t want to go to. Not all VPNs are vulnerable; the researchers quoted at The Register tested this on OpenVPN, WireGuard, and IKEv2/IPSec. Check out more there.

A bug in the way Unix-flavored systems handle TCP connections could put VPN users at risk of having their encrypted traffic hijacked, it is claimed.

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.
